Privacy Policy


Privacy Statement


Privacy Overview

This summary sets out the key points about how AAFCANS handles personal information.

The  is designed to inform individuals about the way AAFCANS collects, stores, uses and discloses personal information. This policy also provides guidance about how you can access, or seek correction of, personal information held by AAFCANS.

Collection of personal information

Personal information (including sensitive information) about you may be collected by AAFCANS from you, from your agent, or from a third party.

AAFCANS may also collect personal information through our website and the AAFCANS App. We use this information to help us communicate with you.

Use and disclosure of personal information

AAFCANS may use and disclose collected information, including personal information, for the primary purpose for which it was collected. AAFCANS may also use and disclose your personal information for a secondary purpose where an exception in the APPs (Australian Privacy Principles) applies.

Access to and correction of personal information

Under the Privacy Act you have the right to ask for access to personal information that we hold about you and ask that we correct that personal information.

You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect.

How to make a complaint

You can complain to us in writing about how we have handled your personal information. We will respond to the complaint within 30 days.

Head of Governance & Risk,
Building E11, Lavarack Pde, Gallipoli Barracks, Enoggera   Qld   4051


Privacy Impact Assessment Register

AAFCANS as a Commonwealth agency has an obligation to conduct a privacy impact assessment (PIA) for all high privacy risk projects. This will be undertaken for projects that may impact the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.

The following register summarises the PIA assessments undertaken by AAFCANS:

Reference number

Name of project

Description of project



For further information on specific Privacy Impact Assessments or to make a complaint, please contact the Privacy Officer.

Last updated on 21st June 2022

Privacy Policy



AAFCANS respects and values your privacy and acknowledges that it has an obligation at law to protect the personal information of others, including customers, employees, contractors and other individuals.


This policy applies to all AAFCANS employees, directors, contractors and consultants.

Policy Statement

The following policy explains how and when personal information is collected, used, stored, and disclosed by AAFCANS in accordance with The Privacy Act 1988 and under the Australian Privacy Principles (APP).  Please refer to the Office of the Australian Information Commissioner website ( for additional details on how the APP operates.

Personal Information

The Privacy Act defines ‘Personal information’ as information or an opinion about an identifiable individual, or an individual who is reasonably identifiable:

  1. whether the information or opinion is true or not; and
  2. whether the information or opinion is recorded in material form or not.

How we collect your information (APP 1)

The main purposes for which we collect personal information are:

  • for recruitment and employment (including expressions of interest in working for AAFCANS);
  • for administration and management purposes, including Government compliance;
  • to reply to contact made by customers;
  • for marketing, media and public relation purposes.

We collect personal information directly from each individual.  We only collect personal information where you have consented, or you would reasonably expect us to collect personal information in that way.

Anonymity and pseudonymity (APP 2)

AAFCANS will allow customers to communicate and transact with it anonymously or by using a pseudonym, wherever it is reasonable and practical.

Information collected (APP 3)

The type of information collected for employment or administrative purposes would typically include your name, date of birth, gender, contact details, email, job title and interests.  Where relevant, we many ask for other information such as bank account details, tax file numbers, other financial information, driver’s licence details or details of directorships.

This is not an exhaustive list, however, unless disclosed to you prior or as required under employment conditions, we will not usually collect sensitive information (e.g. race or ethnic origins, religious beliefs, physical or mental health or sexual orientation).

Since we work on Defence bases, and access to these bases is restricted, criminal, and other background records will be sought in connection with your employment at AAFCANS.

We will also ask if you are a Defence spouse or relative upon employment and record such information for statistical purposes.  As a Government agency, we are required to report annually on staff members who identify as being of aboriginal and Torres Strait Islander descent, however, the provision of this information is completely voluntary.

All information reported under Government direction is provided in aggregated statistics and cannot be associated back to an individual unless required by law.

For contact and marketing purposes, information retained would be in accordance with the requirements of the account or electronic app.  This would likely include name and email.

Unsolicited personal information (APP 4)

If AAFCANS receives personal information about you from a source other than yourself, or it is information provided by you that we did not request, AAFCANS undertakes to determine within a reasonable period if we could have requested such personal information under APP 3.

If AAFCANS determines that we could have collected the information under APP 3, we may then use and treat that information as if we had collected the information in that manner.

If we determine that we could not have collected the information under APP 3, AAFCANS will destroy or de-identify that information within a reasonable period.

Notification of the collection of information (APP 5)

When we collect information about you, AAFCANS will make it clear to you, either at or before the time, or as soon as practicable afterwards, why we are collecting such information.

How we use the information (APP 6)

We will only use personal information to respond to lawful requests, to answer your enquiry, for direct marketing purposes where your information has been provided for that specific purpose, or in relation to your employment/services as an employee, director, or contractor.

The information is held only for as long as it is required to fulfil the purposes for which it was collected or as required by law.

Direct marketing (APP 7)

AAFCANS will only use personal information we hold for the purpose of direct marketing if you provided this information for this specific purpose.  Our direct marketing platforms include an option to opt out of receiving communications; if not actioned, direct marketing communications will continue to be utilised.

Personal information held by AAFCANS will not be disclosed to third parties except with your express permission (e.g. to a supplier as a result of competition, media and public relation events).


Cross border disclosure (APP 8)

We may deal with international parties.  Therefore, your information may be disclosed to overseas recipients where required by law (domestic or international) or to facilitate your deployment overseas.

AAFCANS will take steps to maintain the security of the information and will endeavour to see that its use is consistent with this policy and our obligations under The Privacy Act.  If we have to disclose your personal information, we will endeavour to advise you of the disclosure.

Email and website management

Whilst AAFCANS takes steps to provide a secure internet environment, you should be aware that there are inherent risks associated with the transmission of information via the internet.

Email addresses are collected from employees in accordance with this policy.  If a person is not an employee, then we will record the email address when a message is sent to us.  The email address will be used for the purpose for which it has been provided.

Our intranet or website may contain links to third party websites.  If you access those websites (including via a link from our intranet/website) you will be subject to the privacy policy of that third party.

In some cases, those third-party providers may not be subject to The Privacy Act. AAFCANS will not be taken to endorse or accept responsibility for any privacy issues arising as a consequence of accessing that web-link.

We do not use electronic cookies.  However, we may track your Internet use on our IT network.

If you use our IT network to visit social media websites or applications, any personal information or content that you contribute can be read, collected, and used by other users.

We have no control over use that occurs through this medium and are not responsible for any use, misuse, or misappropriation by other users of any personal information or content so contributed.  When using social media or social media websites, you should read and be aware of our Social Media Policy.

If you use our Wi-Fi network, we may track your device’s IP address when you register for our Wi-Fi service.

Use of Government related identifiers (APP 9)

AAFCANS does not use Government related identifiers.  AAFCANS will not use or disclose a Government related identifier unless the use or disclosure of the identifier is reasonably necessary for us to fulfil any obligations, we may have to a Government agency or an Australian State/Territory.  It may also be required or authorised in accordance with Australian laws, Courts or Tribunals.

Quality of information (APP 10)

AAFCANS will take all steps reasonable in the circumstances to ensure that personal information we collect from you is accurate, up to date and complete.  Where we collect information directly from you, we rely on you to supply accurate information and we may not consider further steps are required.


Security of information (APP 11)

The Privacy Act 1988 has specific provisions that prohibit any employee of AAFCANS from collecting, using or disclosing anyone’s personal information except in performing their duties and in specific situations permitted by law.  Your personal information is disclosed in accordance with the law or with your written permission.

We take all reasonable steps to ensure the integrity and security of administrative files, physical and electronic, in our possession to protect against loss, unauthorised access, misuse, disclosure or modifications and to ensure that only authorised employees have access to such material.

Data breaches

In the event of a data breach involving personal information, AAFCANS is obliged to advise any individual where that breach is likely to result in serious harm.  This is known as an ‘eligible data breach’.

This notification will include recommendations about the steps that should be taken by the impacted individuals in response to this breach.  AAFCANS will also notify the Australian Information Commissioner of the eligible data breach.

Access to personal information (APP 12)

AAFCANS will allow you access to any personal information we may hold on to your file unless there are lawful reasons to refuse you access.  Personal information can only be provided to a third party upon your written permission or if authorised by law.

In certain circumstances we may refuse access if we reasonably believe that doing so would pose a health or safety risk to any individual, have an unreasonable impact on the privacy of others, or that we consider the request to be frivolous or vexatious.

We will not release information if it relates to existing or anticipated legal proceedings between AAFCANS and yourself if

  • it would be protected by legal professional privilege;
  • any potential negotiations between AAFCANS and yourself would be prejudiced; or
  • doing so is illegal or in breach of any Court order.

If AAFCANS suspects that you are involved in an unlawful activity or serious misconduct in relation to our purpose and giving you access to the information would prejudice our position, AAFCANS will not release the information to you.

AAFCANS will not release information if by doing so, would reveal information that is commercially sensitive to AAFCANS.

Correction of personal information (APP 13)

If you believe that personal information collected by AAFCANS about you is inaccurate, incomplete or not up-to-date, please contact us and we will take reasonable steps to correct it in accordance with the requirements of The Privacy Act 1988.  AAFCANS will review our Privacy Policy every two (2) years or as required.

You can access our privacy policy on our website.


Contact us about privacy

For further information regarding this Privacy Statement or to advise of a breach of this Privacy Policy, please contact us via:

  • telephone on 07 3155 5375 between 7.30am and 3.30 pm Monday to Friday
  • in writing to the address below:

Head of Governance & Risk, AAFCANS

Building E11, Lavarack Pde, Gallipoli Barracks, Enoggera Qld 4051

Tim Manic
Managing Director

Policy Manager: Head of Governance & RiskApproval Authority: Managing Director
Date of Publication: 01 Oct 2021Date to be Reviewed: 01 Oct 2023